Juozas Kaziukenas has posted the first part in his look at making ACLs (access control lists) easy. His examples are specific to the Zend_Acl component of the Zend Framework, but the concepts can be translated to several other ACL tools out there.
Every now and then I see questions about ACL and how to use it. A lot of web developers are using it without actually knowing what it is and how it works, even though it's powering one of the most important parts of applications - user access management.
He starts off with the base level of what an ACL is and how it would work in your application (illustrated by a wrong and right way to handle a simple permission in an application). He talks about roles, resources and privileges as well as how applications using the MVC design pattern make it simple to check the current resource. He also mentions an issue that could be confusing - inheritance.